This content is viewable by Everyone

News

Don’t Get Grinched: Tips for Safe Online Holiday Shopping!

Save

  • Author: Esther Silver

  • Date:

Learn about safe online shopping practices and pass the quiz at the end of the article. You could win one of six $50 Amazon gift cards!

Over 70% of Americans have shopped online, and more than 20% of the world's commerce is online. It’s tough to beat the ease and convenience, making the holiday season the perfect time for cybercriminals to exploit unsuspecting online shoppers. This could quickly turn your hassle-free online shopping experience into a potential nightmare of identity theft or other fraud.

Like everything in life, there are benefits and tradeoffs to consider, and whether to shop online or at brick-and-mortar stores is simply another example of weighing risk.  Shopping online is not inherently riskier than shopping in stores, as long as there is awareness of how to do so safely by performing simple measures to protect yourself.

Fortunately, many cyber threats are avoidable. When you shop in person, you most likely lock the car and put away your cash or credit card when you finish your purchase. Similar habits can protect you, your purchases, and your identity when you're shopping online – both during the holiday season and year-round:

Safe Shopping Habits

  • Look out for phishing scams.  As with phishing scams that target business email accounts, be wary of unsolicited emails to personal accounts offering holiday deals and prices that are too good to be true.  The same phishing precautions at work apply to your personal accounts as well.
  • Shop reliable websites. If an offer sounds too good to be true, it probably is! Don't be fooled by the lure of great discounts by less-than-reputable websites or fake companies that may be peddling counterfeit, knock-off, or substandard merchandise. Use the sites of retailers you know and trust and get to their sites by directly typing a known, trusted URL into the address bar instead of clicking on a link. Scammers frequently use a URL that is very close to an actual retailer's URL, so look closely. Extraneous symbols in the URL are also a red flag.
  • Beware of seasonal scams. Fake package-tracking emails, fake e-cards, charity donation scams, and emails requesting that you confirm purchase information are particularly common around the holidays. Use known, trusted URLs instead of clicking on links.
  • Conduct research. There are a lot of fake and malicious companies out there this time of year. When considering a new website or online company for your holiday purchases, read reviews and see if other customers have had positive or negative experiences with them.  Also, you can go to ScamAdvisor.com. The site provides trust scores for any website based on several objective security-related criteria
  • Pay by credit card only, not by debit card, wire transfers, money orders, or gift cards. Credit cards offer consumer protections that may reduce your liability from fraud if your information is misused. Debit cards typically do not have this same level of protection. Wire transfers, money orders, and gift cards put the money directly into a scammer's pocket, and you likely won't receive anything for the money you paid.  Likewise, transactions via cash apps for electronic payment, such as Zelle, Venmo, PayPal, etc., are generally safe and secure as long as you verify the recipient’s identity and purchase amount and understand that usually, once sent, it cannot be recovered. 
  • Don't auto-save your passwords or credit card numbers except in a reputable password management site like Keeper. The inconvenience of re-entering the information is insignificant compared to the time you would spend trying to repair the loss of your stolen information.
  • Check your credit card and bank statements regularly. These are often the first indicators that your account information or identity has been stolen. If there is a discrepancy, report it immediately.
  • Don't ever provide your financial or personal information via email or text.

Best Habits for Shopping and Everything Else You Do Online!

  • Always think twice before clicking links or opening attachments – even if they appear from people you know, legitimate organizations, favorite retailers, or your bank. Messages can easily be faked. Use known, trusted URLs instead of clicking on links. And open known, expected attachments only. When in doubt, throw it out!
  • Keep clean machines! Before searching for that perfect gift, ensure your device, apps, browser, and anti-virus/anti-malware software are patched and up to date.
  • Unique account, unique long and strong password: Having separate passwords for every account helps to thwart cybercriminals by reducing exposure to multiple accounts. At a minimum, separate your UCSF and personal accounts and make sure that your critical accounts have strong and long passwords – and multi-factor authentication if possible. Using a reputable password manager such as Keeper can help.
  • Secure all your devices with a complex password.  Set a timeout that locks your devices after a period of inactivity, and be sure they require a password or other authentication to start up or resume activity.
  • Use only apps from known, reputable sources. Less reputable apps can include malicious software ("malware") designed to steal credit card and other sensitive information. Keep your apps up to date.
  • Don't respond to pop-ups. Ignore pop-up offers and deals. Just close them. Don’t respond, click links, or call the phone numbers. Similarly, don’t respond to pop-ups saying you need to buy anti-virus software or software to “clean your infected computer.” These are all scams.
  • Disable Bluetooth, wireless, and Near Field Communications (NFC) when not in use to reduce the risk of your data being intercepted by thieves.

Take the IT Security Awareness quiz. Everyone who passes is entered to win a prize! The prize for passing this quiz is an entry in a drawing for one of six $50 Amazon gift cards.

Shopping security resources